amco
diff --git a/‎lib/acl9.rb
Lines changed: 0 additions & 36 deletions b/‎lib/acl9.rb
Lines changed: 0 additions & 36 deletions
diff --git a/‎lib/acl9/controller_extensions/dsl_base.rb
Lines changed: 6 additions & 7 deletions b/‎lib/acl9/controller_extensions/dsl_base.rb
Lines changed: 6 additions & 7 deletions
diff --git a/‎lib/acl9/controller_extensions/generators.rb
Lines changed: 32 additions & 1 deletion b/‎lib/acl9/controller_extensions/generators.rb
Lines changed: 32 additions & 1 deletion
diff --git a/‎lib/acl9/model_extensions/for_subject.rb
Lines changed: 30 additions & 51 deletions b/‎lib/acl9/model_extensions/for_subject.rb
Lines changed: 30 additions & 51 deletions
diff --git a/‎test/controller_extensions/actions_test.rb
Lines changed: 1 addition & 1 deletion b/‎test/controller_extensions/actions_test.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎test/controller_extensions/multiple_role_arguments_test.rb
Lines changed: 10 additions & 11 deletions b/‎test/controller_extensions/multiple_role_arguments_test.rb
Lines changed: 10 additions & 11 deletions
diff --git a/‎test/controllers/acl_helper_method_test.rb
Lines changed: 1 addition & 4 deletions b/‎test/controllers/acl_helper_method_test.rb
Lines changed: 1 addition & 4 deletions
@@ -35,42 +35,6 @@ def merge! h
   def self.configure
     yield config
   end
-
-  class ArgumentError < ArgumentError; end
-  class RuntimeError < RuntimeError; end
-  class NilObjectError < RuntimeError; end
-
-  ##
-  # This exception is raised whenever ACL block finds that the current user
-  # is not authorized for the controller action he wants to execute.
-  # @example How to catch this exception in ApplicationController
-  #   class ApplicationController < ActionController::Base
-  #     rescue_from 'Acl9::AccessDenied', :with => :access_denied
-  #
-  #     # ...other stuff...
-  #     private
-  #
-  #     def access_denied
-  #       if current_user
-  #         # It's presumed you have a template with words of pity and regret
-  #         # for unhappy user who is not authorized to do what he wanted
-  #         render :template => 'home/access_denied'
-  #       else
-  #         # In this case user has not even logged in. Might be OK after login.
-  #         flash[:notice] = 'Access denied. Try to log in first.'
-  #         redirect_to login_path
-  #       end
-  #     end
-  #   end
-  #
-  class AccessDenied < RuntimeError; end
-
-  ##
-  # This exception is raised when acl9 has generated invalid code for the
-  # filtering method or block. Should never happen, and it's a bug when it
-  # happens.
-  class FilterSyntaxError < ArgumentError; end
-
 end
 
 ActiveRecord::Base.send(:include, Acl9::ModelExtensions)
 
@@ -12,7 +12,6 @@ def initialize(*args)
         @allows = []
         @denys  = []
         @original_args = args
-        @action_clause = nil
       end
 
       def acl_block!(&acl_block)
@@ -109,15 +108,15 @@ def _parse_and_add_rule(*args)
 
         _set_action_clause( _retrieve_only(options), options.delete(:except))
 
-        object_s = _role_object_s(options)
+        object = _role_object(options)
 
         role_checks = args.map do |who|
           case who
           when anonymous then "#{_subject_ref}.nil?"
           when logged_in then "!#{_subject_ref}.nil?"
           when all       then "true"
           else
-            "!#{_subject_ref}.nil? && #{_subject_ref}.has_role?('#{who}'#{object_s})"
+            "!#{_subject_ref}.nil? && #{_subject_ref}.has_role?('#{who}', #{object})"
           end
         end
 
@@ -180,13 +179,13 @@ def _action_check_expression(action_list)
         end
       end
 
-      def _role_object_s(options)
+      def _role_object(options)
         object = _by_preposition options
 
         case object
-        when Class  then ", #{object}"
-        when Symbol then ", #{_object_ref object}"
-        when nil    then ""
+        when Class  then object.to_s
+        when Symbol then _object_ref object
+        when nil    then "nil"
         else
           raise ArgumentError, "object specified by preposition can only be a Class or a Symbol"
         end
 
@@ -1,6 +1,37 @@
 require_relative "dsl_base"
 
 module Acl9
+  ##
+  # This exception is raised whenever ACL block finds that the current user
+  # is not authorized for the controller action he wants to execute.
+  # @example How to catch this exception in ApplicationController
+  #   class ApplicationController < ActionController::Base
+  #     rescue_from 'Acl9::AccessDenied', :with => :access_denied
+  #
+  #     # ...other stuff...
+  #     private
+  #
+  #     def access_denied
+  #       if current_user
+  #         # It's presumed you have a template with words of pity and regret
+  #         # for unhappy user who is not authorized to do what he wanted
+  #         render :template => 'home/access_denied'
+  #       else
+  #         # In this case user has not even logged in. Might be OK after login.
+  #         flash[:notice] = 'Access denied. Try to log in first.'
+  #         redirect_to login_path
+  #       end
+  #     end
+  #   end
+  #
+  class AccessDenied < StandardError; end
+
+  ##
+  # This exception is raised when acl9 has generated invalid code for the
+  # filtering method or block. Should never happen, and it's a bug when it
+  # happens.
+  class FilterSyntaxError < StandardError; end
+
   module Dsl
     module Generators
       class BaseGenerator < Acl9::Dsl::Base
@@ -140,7 +171,7 @@ def #{@method_name}(*args)
                 raise ArgumentError, "call #{@method_name} with 0, 1 or 2 arguments"
               end
 
-              self.action_name = args.first.to_s if args.present?
+              action_name = args.empty? ? self.action_name : args.first.to_s
 
               return #{allowance_expression}
             end
 
@@ -5,12 +5,6 @@ module ModelExtensions
     module ForSubject
       include Prepositions
 
-      DEFAULT = Class.new do
-        def default?
-          true
-        end
-      end.new.freeze
-
       ##
       # Role check.
       #
@@ -44,17 +38,16 @@ def default?
       # @param [Object] object Object to query a role on
       #
       # @see Acl9::ModelExtensions::Object#accepts_role?
-      def has_role?(role_name, object = default)
-        check! object
+      def has_role?(role_name, object = nil)
         role_name = normalize role_name
         object = _by_preposition object
 
-        !! if object == default && !::Acl9.config[:protect_global_roles]
-          _role_objects.find_by_name(role_name.to_s) ||
-          _role_objects.member?(get_role(role_name, object))
+        !! if object.nil? && !::Acl9.config[:protect_global_roles]
+          self._role_objects.find_by_name(role_name.to_s) ||
+          self._role_objects.member?(get_role(role_name, nil))
         else
           role = get_role(role_name, object)
-          role && _role_objects.exists?(role.id)
+          role && self._role_objects.exists?(role.id)
         end
       end
 
@@ -64,24 +57,23 @@ def has_role?(role_name, object = default)
       # @param [Symbol,String] role_name Role name
       # @param [Object] object Object to add a role for
       # @see Acl9::ModelExtensions::Object#accepts_role!
-      def has_role!(role_name, object = default)
-        check! object
+      def has_role!(role_name, object = nil)
         role_name = normalize role_name
         object = _by_preposition object
 
         role = get_role(role_name, object)
 
         if role.nil?
           role_attrs = case object
-                       when Class   then { :authorizable_type => object.to_s }
-                       when default then {}
-                       else              { :authorizable => object }
-                       end.merge({ :name => role_name.to_s })
+                       when Class then { :authorizable_type => object.to_s }
+                       when nil   then {}
+                       else            { :authorizable => object }
+                       end.merge(      { :name => role_name.to_s })
 
-          role = _auth_role_class.create(role_attrs)
+          role = self._auth_role_class.create(role_attrs)
         end
 
-        _role_objects << role if role && !_role_objects.exists?(role.id)
+        self._role_objects << role if role && !self._role_objects.exists?(role.id)
       end
 
       ##
@@ -90,8 +82,7 @@ def has_role!(role_name, object = default)
       # @param [Symbol,String] role_name Role name
       # @param [Object] object Object to remove a role on
       # @see Acl9::ModelExtensions::Object#accepts_no_role!
-      def has_no_role!(role_name, object = default)
-        check! object
+      def has_no_role!(role_name, object = nil)
         role_name = normalize role_name
         object = _by_preposition object
         delete_role(get_role(role_name, object))
@@ -104,8 +95,7 @@ def has_no_role!(role_name, object = default)
       # @return [Boolean] Returns true if +self+ has any roles on +object+.
       # @see Acl9::ModelExtensions::Object#accepts_roles_by?
       def has_roles_for?(object)
-        check! object
-        !!_role_objects.detect(&role_selecting_lambda(object))
+        !!self._role_objects.detect(&role_selecting_lambda(object))
       end
 
       alias :has_role_for? :has_roles_for?
@@ -122,16 +112,14 @@ def has_roles_for?(object)
       #
       #   user.roles_for(product).map(&:name).sort  #=> role names in alphabetical order
       def roles_for(object)
-        check! object
-        _role_objects.select(&role_selecting_lambda(object))
+        self._role_objects.select(&role_selecting_lambda(object))
       end
 
       ##
       # Unassign any roles on +object+ from +self+.
       #
-      # @param [Object,default] object Object to unassign roles for. Empty args means unassign global roles.
-      def has_no_roles_for!(object = default)
-        check! object
+      # @param [Object,nil] object Object to unassign roles for. +nil+ means unassign global roles.
+      def has_no_roles_for!(object = nil)
         roles_for(object).each { |role| delete_role(role) }
       end
 
@@ -140,11 +128,11 @@ def has_no_roles_for!(object = default)
       def has_no_roles!
         # for some reason simple
         #
-        #   roles.each { |role| delete_role(role) }
+        #   self.roles.each { |role| delete_role(role) }
         #
         # doesn't work. seems like a bug in ActiveRecord
-        _role_objects.map(&:id).each do |role_id|
-          delete_role _auth_role_class.find(role_id)
+        self._role_objects.map(&:id).each do |role_id|
+          delete_role self._auth_role_class.find(role_id)
         end
       end
 
@@ -154,7 +142,7 @@ def role_selecting_lambda(object)
         case object
         when Class
           lambda { |role| role.authorizable_type == object.to_s }
-        when default
+        when nil
           lambda { |role| role.authorizable.nil? }
         else
           lambda do |role|
@@ -164,14 +152,13 @@ def role_selecting_lambda(object)
         end
       end
 
-      def get_role(role_name, object = default)
-        check! object
+      def get_role(role_name, object)
         role_name = normalize role_name
 
         cond = case object
                when Class
                  [ 'name = ? and authorizable_type = ? and authorizable_id IS NULL', role_name, object.to_s ]
-               when default
+               when nil
                  [ 'name = ? and authorizable_type IS NULL and authorizable_id IS NULL', role_name ]
                else
                  [
@@ -180,17 +167,17 @@ def get_role(role_name, object = default)
                  ]
                end
 
-        if _auth_role_class.respond_to?(:where)
-          _auth_role_class.where(cond).first
+        if self._auth_role_class.respond_to?(:where)
+          self._auth_role_class.where(cond).first
         else
-          _auth_role_class.find(:first, :conditions => cond)
+          self._auth_role_class.find(:first, :conditions => cond)
         end
       end
 
       def delete_role(role)
         if role
-          if ret = _role_objects.delete(role)
-            if role.send(_auth_subject_class_name.demodulize.tableize).empty?
+          if ret = self._role_objects.delete(role)
+            if role.send(self._auth_subject_class_name.demodulize.tableize).empty?
               ret &&= role.destroy unless role.respond_to?(:system?) && role.system?
             end
           end
@@ -202,11 +189,7 @@ def normalize role_name
         Acl9.config[:normalize_role_names] ? role_name.to_s.underscore.singularize : role_name.to_s
       end
 
-      private
-
-      def check! object
-        raise NilObjectError if object.nil?
-      end
+      protected
 
       def _by_preposition object
         object.is_a?(Hash) ? super : object
@@ -221,11 +204,7 @@ def _auth_role_assoc
       end
 
       def _role_objects
-        send(_auth_role_assoc)
-      end
-
-      def default
-        DEFAULT
+        send(self._auth_role_assoc)
       end
     end
   end
 
@@ -121,7 +121,7 @@ class ActionTest < Base
 
       assert set_all_actions
       permit_some owner,  @all_actions, :foo => foo
-      permit_some hacker, %w(show index destroy), foo: foo
+      permit_some hacker, %w(show index destroy)
       permit_some another_owner, %w(show index destroy), :foo => foo
     end
 
 
@@ -107,30 +107,29 @@ class MultipleRoleArgumentsTest < Base
 
     test "should also respect :to and :except" do
       assert foo = Foo.create
-      assert too = Foo.create
 
-      assert ( goo = User.create ).has_role! :goo
+      assert ( foo = User.create ).has_role! :foo
       assert ( joo = User.create ).has_role! :joo, foo
       assert ( qoo = User.create ).has_role! :qoo, Bar
 
       @tester.acl_block! do
-        allow :goo, :boo,              :to => [:index, :show]
+        allow :foo, :boo,              :to => [:index, :show]
         allow :zoo, :joo, :by => :foo, :to => [:edit, :update]
         allow :qoo, :woo, :of => Bar
         deny  :qoo, :woo, :of => Bar,  :except => [:delete, :destroy]
       end
 
-      assert_permitted goo, 'index'
-      assert_permitted goo, 'show'
-      assert_forbidden goo, 'edit', foo: too
+      assert_permitted foo, 'index'
+      assert_permitted foo, 'show'
+      assert_forbidden foo, 'edit'
       assert_permitted joo, 'edit', :foo => foo
       assert_permitted joo, 'update', :foo => foo
       assert_forbidden joo, 'show', :foo => foo
-      assert_forbidden joo, 'show', foo: foo
-      assert_permitted qoo, 'delete', foo: too
-      assert_permitted qoo, 'destroy', foo: too
-      assert_forbidden qoo, 'edit', foo: too
-      assert_forbidden qoo, 'show', foo: too
+      assert_forbidden joo, 'show'
+      assert_permitted qoo, 'delete'
+      assert_permitted qoo, 'destroy'
+      assert_forbidden qoo, 'edit'
+      assert_forbidden qoo, 'show'
     end
   end
 end
@@ -13,13 +13,10 @@ class ACLHelperMethodTest < ActionController::TestCase
   end
 
   test "another user denied" do
-    assert @another = User.create
-    assert @another.has_role! :owner, Foo.first_or_create
-
     assert @user.has_role! :owner
 
     assert get :allow, params: { user_id: @user.id }
-    assert_select 'div', 'AccessDenied'
+    assert_select 'div', 'OK'
   end
 
   test "anon denied" do